The Brazilian Ministry of Justice published today, for public consultation, the first draft regulation for the Internet Legal Framework. The draft decree sets out specific rules with respect to net neutrality and data collection by connection and application providers. The public consultation ends on February 29, and comments can be submitted via the Ministry of Justice′s website.
The Internet Civil Framework′s net neutrality requires that all data transmitted over the Internet be treated equally, without discrimination based on content, origin, destination, service, terminal or application. There are two exceptions where discrimination is permitted: (i) in view of technical requirements for the provision of internet services or (ii) if necessary for prioritizing emergency services. The draft regulation sets forth an exhaustive list of situations that meet such exceptions, such as processing network security matters (including restricting the delivery of spam and controlling DoS attacks) and "processing indispensable matters for the adequate enjoyment of applications, in view of the user experience quality warranty" (although the draft does not specify what such matters may be).
The draft also addresses commercial agreements between telecommunications operators and application providers, establishing that commercial offers and internet access charging models must preserve an open internet, contributing to the construction of an inclusive and non-discriminatory society. According to the draft, agreements between connection providers and application providers are subject to assessment by the competent body, but the draft does not detail criteria for such commercial agreements.
As regards data protection, the draft sets forth several transparency obligations for the protection of records, personal data and private communications. The draft also creates minimum security standards for the storage and processing of data, including establishing strict control over data access, setting forth authentication mechanisms for accessing records and using record management solutions by means of cryptography technologies or equivalent protection measures.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.